Privacy Policy

This privacy policy covers Nash — the service at nash-checkout.pier39.ai (powered by the open nash.v1 protocol), plus any AI shopper agent that talks to it on your behalf, including the Nash MCP connector (used in Claude Desktop, Cowork, and other MCP clients) and the Nash Custom GPT.

Nash does two things, and this policy covers both:

  1. Shopping & checkout — you ask an AI agent to find a product; Nash helps you place a real order and pay for it. This involves your name, email, shipping address, and a payment.
  2. Negotiation proxy — the legacy nash.v1 chat flow that forwards messages between a shopper agent and a store's seller agent. This involves only request metadata and the messages themselves.

Effective date: November 2025 · Last updated: June 2026


What we collect

When you place an order (shopping & checkout)

To create and fulfill an order, Nash collects the information you provide to your AI agent and pass to us:

This information is necessary to take your order, charge you, and place the order with the merchant.

Payment information is handled by Stripe, not by Nash. When you complete a purchase, you enter your card details directly on Stripe Checkout (a PCI-DSS Level 1 provider). Nash never sees or stores your full card number, CVC, or other sensitive payment credentials. We receive only a payment confirmation and limited, non-sensitive details from Stripe (for example, a payment/charge identifier and the last four digits, used to match payments to orders and to process refunds). See Stripe's privacy policy.

When you use the negotiation proxy

When a shopper agent calls our proxy API, we receive:

We do NOT collect

What we do with it

Order data

Negotiation / proxy data

We do NOT:

Who we share data with

We share data only with the service providers needed to complete your order, and only what each one needs:

Recipient What they receive Why
Stripe Payment details you enter on Stripe Checkout; order amount Process your payment, refunds, and disputes
The merchant / store you buy from Your name, email, and shipping address; the items ordered Fulfill and ship your order; handle returns per their policy
Email provider (e.g. Resend) Your email address and order confirmation content Send you order/confirmation emails
Anthropic (Claude API) Conversation messages, for Pier39-operated seller agents Power the AI agent that helps you shop
Fly.io (hosting) Standard network/platform metadata Run the service

Each store you buy from is a separate party with its own privacy practices. The Nash directory lists third-party Nash-enabled storefronts, and Nash can also shop stores discovered via live web search. Review their individual privacy policies before shopping — the nash.v1 protocol (and Nash's checkout) creates the channel; it doesn't standardize their data practices.

Data retention

Data Retention
Order and transaction records (name, email, shipping address, items, payment metadata) As long as needed to fulfill the order and provide support, and thereafter to meet legal, tax, accounting, refund, and dispute obligations (financial records typically up to 7 years)
Active negotiation chat sessions (in memory) Up to 1 hour idle, then discarded
Server access logs (request metadata) Up to 30 days
Anonymized, aggregated request counts Indefinite

We do not retain individual negotiation transcripts after a session ends. Payment card details are retained by Stripe under their policy, not by Nash.

Your rights

You can:

Depending on where you live, you may have additional rights (such as under the CCPA/CPRA or GDPR), including the right to know what we hold and to request deletion. Email us to exercise them.

Cookies

The Nash API and proxy endpoints do NOT set advertising or cross-site tracking cookies.

Payment pages are hosted by Stripe Checkout and may set cookies that Stripe needs to process the payment and prevent fraud; those are governed by Stripe's policy.

Third-party services

Children

Nash is a commerce service intended for adults who can form a binding contract. It is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you believe a child has provided us information, contact us and we'll delete it.

Changes to this policy

We'll update this page when we change anything material about data handling. The "Last updated" date at the top reflects the most recent revision. Substantive changes will be announced on our launch surfaces (GitHub releases, blog).

Contact

For privacy questions, data access or deletion requests, or anything else covered above, email sanjana@pier39.ai or open an issue at github.com/sanjana-pier39/pier39-skills/issues.


Summary in one paragraph

Nash helps you shop and check out across many stores from an AI agent. To place an order we collect your name, email, and shipping address, and we charge you through Stripe — Nash never sees your full card number. We share your order with the merchant so they can ship it, with Stripe to take payment, and with our email provider to confirm it. We keep order records as long as the law requires (financial records up to ~7 years), keep server logs up to 30 days, and discard negotiation transcripts when a session ends. We don't sell your data, don't train AI on it, and don't run ads. Each store has its own privacy practices — check theirs too. The code is open source.